ldapServiceName in sasl binding

Xu, Qiang (FXSGSC) Qiang.Xu at fujixerox.com
Tue Jun 30 03:40:02 EDT 2009


Hi, all: 

Usually, before sasl binding, the GSSAPI library will initiate a reverse DNS lookup (PTR query) to find the server's FQDN, then issue a request for TGT (TGS-REQ) to get the service ticket. After that, sasl binding will begin.

On one occasion, I found a network trace (captured during sasl binding) that doesn't do the reverse DNS lookup. Instead, it does a simple binding first, to get the server's attribute "ldapServiceName". Then, after some forward DNS lookups (to resolve hostname to IP address, but without a PTR query), TGS-REQ is sent out and TGS-REP is received. After that, sasl binding begins. It seems that with this attribute passed in, the reverse DNS lookup is not necessary any more.

What's the mechanism behind the scenes? Is there any programming interface to tell the GSSAPI library (/usr/lib/libgssapiv2.so) to use the value of the attribute "ldapServiceName", and not do a reverse DNS lookup?

Thanks,
Xu Qiang
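The two ways of arriving at the LDAP service principal that the message describes, as an added example that is not part of the original post and not code from Cyrus SASL or libgssapi. DNS and the rootDSE read are replaced by constructed in-memory values (the FakeResolver table and the string "example.com:DC01$@EXAMPLE.COM") so the script runs offline; real code would call socket.gethostbyname / socket.gethostbyaddr and read rootDSE over a simple bind. The ldapServiceName format parsed here, "<dns-domain>:<host>$@<REALM>", is the one Active Directory publishes and is not stated in the post itself. The realm used on the reverse-DNS path, which a real client takes from krb5.conf's domain_realm mapping, is passed in as a parameter.

```python
"""
Deriving the LDAP service principal before a SASL/GSSAPI bind, two ways:
  1. reverse-DNS canonicalisation (A lookup, then PTR on the address), and
  2. parsing the rootDSE attribute ldapServiceName, which needs no PTR query.

Added example; not code from the original post or from Cyrus SASL / libgssapi.
DNS and LDAP are replaced by constructed in-memory data so it runs offline.
"""
import re
from dataclasses import dataclass, field


@dataclass
class FakeResolver:
    """Stand-in for socket.gethostbyname / socket.gethostbyaddr (constructed data).
    Records every query so the two code paths can be compared."""
    forward: dict                       # name -> IPv4 address
    reverse: dict                       # IPv4 address -> PTR name
    queries: list = field(default_factory=list)

    def gethostbyname(self, name: str) -> str:
        self.queries.append(("A", name))
        return self.forward[name]

    def gethostbyaddr(self, addr: str) -> str:
        self.queries.append(("PTR", addr))
        return self.reverse[addr]


def principal_via_rdns(target: str, realm: str, resolver: FakeResolver) -> str:
    """Path 1: the name the user typed is resolved to an address, the address is
    reverse-resolved, and the PTR result becomes the host part of ldap/<fqdn>.
    The realm normally comes from krb5.conf domain_realm; it is a parameter here."""
    addr = resolver.gethostbyname(target)
    fqdn = resolver.gethostbyaddr(addr).rstrip(".").lower()
    return f"ldap/{fqdn}@{realm}"


# Active Directory publishes ldapServiceName in rootDSE as
# "<dns-forest-name>:<host>$@<REALM>", e.g. "example.com:DC01$@EXAMPLE.COM".
_LDAP_SERVICE_NAME = re.compile(
    r"^(?P<domain>[^:\s]+):(?P<host>[^$@\s]+)\$@(?P<realm>\S+)$")


def principal_from_ldap_service_name(value: str) -> str:
    """Path 2: build ldap/<host>.<domain>@<REALM> from the attribute alone.
    Only forward lookups are needed afterwards (to reach the KDC and the server)."""
    m = _LDAP_SERVICE_NAME.match(value)
    if not m:
        raise ValueError(f"unexpected ldapServiceName format: {value!r}")
    fqdn = f"{m['host']}.{m['domain']}".lower()
    return f"ldap/{fqdn}@{m['realm']}"


def compare_paths(target: str, ldap_service_name: str, realm: str,
                  resolver: FakeResolver) -> dict:
    """Run both derivations and report whether they agree and how many PTR
    queries were issued. A mismatch means rootDSE named a different host than
    the PTR record did; log it before deciding which principal to request."""
    via_rdns = principal_via_rdns(target, realm, resolver)
    via_attr = principal_from_ldap_service_name(ldap_service_name)
    return {
        "rdns": via_rdns,
        "ldapServiceName": via_attr,
        "agree": via_rdns == via_attr,
        "ptr_queries": sum(1 for kind, _ in resolver.queries if kind == "PTR"),
    }


if __name__ == "__main__":
    # Constructed zone: the client was handed an alias that points at DC01.
    dns = FakeResolver(forward={"ldap.example.com": "10.0.0.5",
                                "dc01.example.com": "10.0.0.5"},
                       reverse={"10.0.0.5": "dc01.example.com"})
    print(compare_paths("ldap.example.com", "example.com:DC01$@EXAMPLE.COM",
                        "EXAMPLE.COM", dns))
```

Both inputs are unauthenticated at the point they are used: the PTR answer and the attribute read over a simple bind. Kerberos mutual authentication then proves only that the server holds the key for whichever principal the client ended up asking for, so a client that builds the principal from pre-authentication data should at least record when the two derivations disagree, which is what compare_paths reports.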


More information about the Cyrus-sasl mailing list